fix: ensure condition errors do not change with every req

pkg/controllers/externalsecret/externalsecret_controller.go

@@ -28,7 +28,6 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
-	"sigs.k8s.io/controller-runtime/pkg/predicate"
 
 	esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
 	"github.com/external-secrets/external-secrets/pkg/provider"
@@ -232,12 +231,8 @@ func (r *Reconciler) getProviderSecretData(ctx context.Context, providerClient p
 }
 
 func (r *Reconciler) SetupWithManager(mgr ctrl.Manager) error {
-	// prevent reconcile on status updates
-	// https://github.com/kubernetes-sigs/kubebuilder/issues/618#issuecomment-698018831
-	pred := predicate.GenerationChangedPredicate{}
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&esv1alpha1.ExternalSecret{}).
-		WithEventFilter(pred).
 		Owns(&corev1.Secret{}).
 		Complete(r)
 }

pkg/provider/aws/parameterstore/parameterstore.go

@@ -25,6 +25,7 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 
 	esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
+	"github.com/external-secrets/external-secrets/pkg/provider/aws/util"
 )
 
 // ParameterStore is a provider for AWS ParameterStore.
@@ -55,7 +56,7 @@ func (pm *ParameterStore) GetSecret(ctx context.Context, ref esv1alpha1.External
 		WithDecryption: aws.Bool(true),
 	})
 	if err != nil {
-		return nil, fmt.Errorf("unable to get parameter: %w", err)
+		return nil, util.SanitizeErr(err)
 	}
 	if ref.Property == "" {
 		if out.Parameter.Value != nil {

pkg/provider/aws/secretsmanager/secretsmanager.go

@@ -24,6 +24,7 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 
 	esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
+	"github.com/external-secrets/external-secrets/pkg/provider/aws/util"
 )
 
 // SecretsManager is a provider for AWS SecretsManager.
@@ -58,7 +59,7 @@ func (sm *SecretsManager) GetSecret(ctx context.Context, ref esv1alpha1.External
 		VersionStage: &ver,
 	})
 	if err != nil {
-		return nil, err
+		return nil, util.SanitizeErr(err)
 	}
 	if ref.Property == "" {
 		if secretOut.SecretString != nil {

pkg/provider/aws/util/errors.go

@@ -0,0 +1,32 @@
+/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package util
+
+import (
+	"errors"
+	"fmt"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+)
+
+// SanitizeErr removes sanitizes the error string
+// because the requestID must not be included in the error.
+func SanitizeErr(err error) error {
+	var bErr awserr.BatchedErrors
+	if errors.As(bErr, &bErr) {
+		return fmt.Errorf("%s: %s", bErr.Code(), bErr.Message())
+	}
+	return err
+}